Versions Compared

Old Version 61

changes.mady.by.user Pieter van der Meulen

Saved on

compared with

New Version 62

changes.mady.by.user Nicole Harris

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Title

IdP Maturity

Description

In the current eduGAIN SAML Profile work there is an effort to develop BCP to position a lot of the current "step-up" processes we have as a set of best current practice for eduGAIN.  Within eduGAIN, these will be positioned as what we consider mature entities  / federations to look like...and this could even possibly be flagged somehow.  The current requirements of eduGAIN will be promoted purely as a baseline and a "first step" to interoperability (acknowledging use cases that don't need any more than that).  The next logical step from that is to review whether there is any need to offer a central service to manage that maturity level for federations / entities as a bolt on to existing federation operations. This could take on a variety of forms and draw in a lot of the areas that have been proposed here. Options and areas could be:

- More work on the eduGAIN technical database to flag maturity for federation / entities.
- Establishing a REEP instance to allow entities to flag maturity when a federation is less developed.
- Allowing eduGAIN OT to decorate entities with additional information.
- Developing processes to allow MDS to select the most mature entity formulation within federations rather than simply the first submitted.
 -More advanced eduGAIN (including IdP certification, IdP categorisation, ...)
 -Standardise MRPS use
 -Standardise metadata publication practice

ProposerNicole Harris
Resource requirementsIt depends on the direction taken. Man hours in eduGAIN-OT for developing services, work for a policy lead, work to enhance eduGAIN support service. Possible infrastructure development
+1'sNick Roy, InCommon
CommentsSURFnet: It is unclear to us what is the purpose for this work and who will be the users.

...

Title

Enhance eduGAIN ops instrumentation with general metadata dashboard and augment existing eduGAIN API to query said stats

Description

The eduGAIN technical website would benefit it's members by having a central overall status dashboard that renders a single page with eduGAIN stats with initial focus on latency estimates for metadata circulation. This page should auto-refresh every X seconds/minutes as a configuration. It would be a 'nice to have' if this were operationally friendly such that someone could have it presented in their NOC control center on a screen and also have the data published at an API endpoint such that someone can publicly poll the information in JSON and then in turn render it on their own.

The problem this addresses is the knowledge gap about the state of the system without requiring operational questions or gueses. Many federations exhibit latency on republishing stemming from operational practices and offline signing techniques. It would be helpful to know in a dashboard fashion the following:

  • Last update of mds.edugain.org
  • And per federation last known update of eduGAIN data and time difference since MDS publishing (inferred by eduGAIN ops tools based on publishing practices in a best effort style calculation)

This will go a long way in managing expectations of when to expect data to circulate beyond '24-48hrs'. I suggest a simple table view of flag and age difference from MDS so we may know how far we all drift from each other republishing data from the eduGAIN MDS 'creation date'.

ProposerChris Phillips, CANARIE
Resource requirementsThis is an effort item, likely on eduGAIN OT with some API work too. I estimate it to be small (few days/1 week?), but highly useful and potentially a marketing tool as well.
+1's

CAF, obviously (smile)

SURFnet


TitleMisc

Scale eduroam infrastructure to the size of WIFI4EU

Description

These requirements were collected via the google form circulated during the I2 Tech Ex 2017.

  • stop inconsistent metadata handling practices
  • more marketing to increase adoption of Sirtfi and R&S
  • Standards for release; enforcing SP-based configuration standards
  • Unified specifications, broader push for common attribute release
  • Federated assertions infrastructure (LF note not sure what this means)
  • reduce the perceived complexity of participation to “support Facebook Connect”. We spent way to much time inventing new terms and ideas, not nearly enough time to reduce them down to “just do this”
  • A Global Trust & Identity Management Lab Plataform (At RNP we curretly offer to researchers gidlab.rnp.br) (2) Translations to portugues of main materials to expand eduGAIN information (3) Benefit costs technology map in order researchers and IT campus staff can start over the easier steps
  • easier integration for SPs
  • Not research based, but: larger framework to handle identity provisioning and deprovisioning as part of a single infrastructure that SPs would need to adopt and IDPs would need to deploy (think: AuthZ often requires local account for cloud service)
  • let's do eduVideo!
  • MDQ as a ubiquitous, class A service; Support for stronger authentication including proofing and binding practices in addition to taming the zoo of MFA beasts
  • federated Cloud access
  • IAM as a service, eduGAIN and eID/eIDAS synergy, more advanced eduGAIN (including IdP certification, IdP categorisation, ...)
ProposerVarious names we can contact them if needed.
Resource requirementseffort and coordination

There were a multitude of reasons why the GÉANT community couldn't run the infrastructure for WIFI4EU.

Sufficient issues were exposed by managing this as a single centrailsed infrastructure (partially addressed by "get eduroam", "eduroam DEEP Learning", "eduroam SP-as-a-Service"). By identifying all the scaling blocks to existing eduroam services we'd be able to offer advice, guidance and technology push into govroam, WIFI4EU and eduroam services to support the existing infrastructure and development in new territories.

ProposerBrook
Resource requirementsPeople
+1's


Title

A Global Trust & Identity Management Lab Platform

Description

The most interesting session that I had at TechEx 2017 ACAMP was asking "How do students federate an application?" with Fed-Lab.org and TestShib.org existing - but not solving all of the edge cases for new applications and especially new developers.

A student can pick a framework off the self - run through tutorials and then connect their application to a host of services (Github, Twitter, Facebook) but SAML often isn't an option - and even if it is - there is a lack of enviornments that a student/new developer can jump into to make their tool work. This needs to be solved to support new developers, create a sandbox for development and expose SAML integration for various frameworks.

Include OIDC

ProposerBrook (stolen from Andre Marins idea @ TechEx ACAMP 2017https://docs.google.com/document/d/1mvD27mGJQIkvaqXESijDKWrYKvF_ZlC-Ucb-gWRCJjo/edit )
Resource requirements
+1's


Title

Two Factor (something)

Description

  • Drive two factor towards ubiquity with low cost - create an eduToken (for the users that do not have a phone; critical mass can bring down the price even more. It can be implemented as a kickstarter campaign).

    • Challenges in deploying multi-factor in EU, partially due to the costs and partially due to the cost involved. A cost-effective approach would help.

    • An edu-token  as  a separate ‘token’ may reintroduce token management aspects (losing the token etc)

    • management is (will be even more) a non issue as the majority of people will use phones. We should strike for that.

ProposerFrom data gathering exercise
Resource requirements<money? effort? coordination? infrastructure?>
+1's<for others to voice their support - add your name here>


Title

Schema Standardisation

Description

Schema standardisation - MACEDir is being rechartered, there is eduPerson, SCHAC, where is the global conversation taking place in the eduPerson?

Ability to leverage the relationships with Microsoft and ADFS - Attempted for many years to influence microsoft to improve ADFS not very successful. We need as a global edu community to have some more leverage.

Proposerfrom data gathering exercise
Resource requirements<money? effort? coordination? infrastructure?>
+1'sprobably for REFEDS?


Title

eduTEAMS and guest IdPs

DescriptioneduTEAMS and guest IdPs - use-cases: need to support social IDs and guest IdP, but it need additional LoA. Step up authN as a service is in the plan
Proposerfrom data gathering exercise
Resource requirements<money? effort? coordination? infrastructure?>
+1'sisn't this the work being done in IoLR +REFEDS? +1's<for others to voice their support - add your name here>



You do not have to fill in every field, just give as much detail as you have right now if you know them.